Incident Management Policy

PURPOSESCOPEPOLICYEXCEPTIONSPOLICY COMPLIANCE AND MONITORING
POLICY REVIEWDEFINITIONSSUPPORTING DOCUMENTATIONREVISION HISTORY

This policy provides the formally documented expectations and intentions used to direct decision making and ensure consistent and appropriate development and implementation of processes, standards, roles, activities, etc., with regard to this policy.

Policy Owner: Manager, Performance Achievement

Policy Sponsor: Information Technology Service Management (ITSM) Steering Committee

The policy owner has the responsibility and authority to execute the defined and established Incident Management Process.

Note: An owner must be a PCES-level manager.

PURPOSE

The purpose of this policy is to ensure that any incidents that affect the daily operations of the Postal Service Technology Environments are managed through an established process. USPS will utilize the best practice framework for the implementation of Incident Management within Postal Service Technology.

Incident Management is the process that defines an unplanned interruption to an IT service or reduction in the quality of an IT service. Failure of a configuration item that has not yet affected service is also considered an incident.

The goal of Incident Management is to restore the IT service to its normal operation within agreed service level targets and to manage unplanned events which result in the following:

SCOPE

This policy applies to all Postal Service personnel and contracted vendors involved in activities that cause or require changes to technology solutions within the Postal Service Technology Environments. Therefore the scope of the Incident Management Policy includes the following:

All items not specifically listed within the Scope section are deemed “Out-of-Scope.”

POLICY

The following policy is established for Incident Management:

  1. All USPS IT organizations must use the currently approved documented incident management process and will be reported, recorded, managed, and appropriately communicated through the approved Incident Management tool.

  2. All IT Managers are responsible for ensuring the Incident Management Process is followed.

  3. Upon resolution of an incident, the end user will be notified that the incident has been resolved and restored to normal business function. Once the incident has been resolved, the user will have seven (7) calendar days to reopen the incident.

  4. This policy will complement and not supersede compliance policies such as those associated with the Computer Incident Response Team (CIRT), Sarbanes-Oxley (SOX), Payment Card Industry (PCI), and Technology Solution Life Cycle (TSLC).

EXCEPTIONS

Any requests for exceptions to this policy must be submitted in writing and will be reviewed on a case-by-case basis. Exceptions shall be permitted only after documented approval from the ITSM Steering Committee.

POLICY COMPLIANCE AND MONITORING

Incidents will be reviewed on a periodic basis by the Incident Management Process Owner to audit policy compliance. This is to ensure that the procedures, guidelines, and standards set forth in the Incident Management Process are adhered to.

POLICY REVIEW

The Incident Management Policy will be reviewed on the following basis:

DEFINITIONS

SUPPORTING DOCUMENTATION

Access Supporting Documentation from ITWEB (internal):

Access Supporting Documentation from USPS.com (external):

REVISION HISTORY

Version
Date
Description
1.0 09.19.2011 Initial release
2.0 09.14.2012

Updates:

  • Introduction: Updated the Policy Owner
  • Purpose: Updated this section to reflect current practices
  • Scope: Added the following bullet: All environments subject to the Incident Management policy determined by the ITSM Steering Committee
  • Policy: Added the following to #5: Once the incident has been resolved, the user will have seven calendar (7) days to re-open the incident.
  • Exceptions: Added the following: Any requests for exceptions to this policy must be submitted in writing and will be reviewed on a case by case basis. Exceptions shall be permitted only after documented approval from the ITSM Steering Committee.
  • Policy Compliance and Monitoring: Added the following: Incidents will be reviewed on a periodic basis by the Incident Management Process Owner to audit policy compliance. This is to ensure that the procedures, guidelines, and standards set forth in the Incident Management Process are adhered to.
  • Supporting Documentation: Removed links that are no longer needed.
  • Definitions: New section

Note: This document was made Section 508 compliant and was converted to HTML.

2.1 08.04.2014 Supporting Documentation: Created redirect link from ITWEB and updated Supporting Documentation hyperlinks, so document is published only on USPS.com.
2.2 12.08.2016 Removed obsolete definitions; removed Incident Management User Guide from the list of supporting documents. CR #234566
Powered By OneLink